[New-bugs-announce] [issue34695] sqlite3: Cache.get() crashes if Cache.__init__() was not called

[Alexey Izbyshev]

New submission from Alexey Izbyshev <izbyshev at ispras.ru>:

sqlite3.Cache allows users to create uninitialized instances because it relies on __init__() instead of __new__() for initialization, which can be skipped. Cache.get() crashes if called on an uninitialized instance:

>>> from sqlite3 import Cache
>>> Cache.__new__(Cache, None).get(42)
Segmentation fault (core dumped)

I see the following ways to fix this:

1) Explicitly check that the instance is initialized in Cache methods (this is what sqlite3 does for Connection and Cursor).

2) Move initialization from __init__() to __new__(). The latter can't be skipped due to Python safety checks. The issue here is that pysqlite_cache_init() is declared in Modules/_sqlite/cache.h, and while it's not directly called anywhere in Python sources, removing or changing it might be considered a change in public API.

3) Remove Cache from sqlite3 module dictionary. It's not clear to me why it's there because it's only used internally by Connection, is not documented, and there is no API to supply user-created Cache instances to sqlite3. Also, there are no tests for Cache.

I'll submit a PR implementing the first (most backwards-compatible) fix, but will be happy if (2), (3) or any other more reliable fixes can be considered.

----------
components: Extension Modules
messages: 325440
nosy: berker.peksag, ghaering, izbyshev, serhiy.storchaka
priority: normal
severity: normal
status: open
title: sqlite3: Cache.get() crashes if Cache.__init__() was not called
type: crash
versions: Python 2.7, Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34695>
_______________________________________